diff --git a/optional/clamav/Dockerfile b/optional/clamav/Dockerfile deleted file mode 100644 index a0a67749..00000000 --- a/optional/clamav/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# syntax=docker/dockerfile-upstream:1.4.3 - -# clamav image -FROM base - -ARG VERSION=local -LABEL version=$VERSION - -RUN set -euxo pipefail \ - ; apk add --no-cache clamav clamav-libunrar rsyslog wget - -COPY conf/ /etc/clamav/ -COPY start.py / - -RUN echo $VERSION >/version - -#EXPOSE 3310/tcp -HEALTHCHECK CMD kill -0 `cat /run/clamd.pid` && kill -0 `cat /run/freshclam.pid` - -VOLUME ["/data"] - -CMD /start.py diff --git a/optional/clamav/README.md b/optional/clamav/README.md deleted file mode 100644 index 68cd3ffe..00000000 --- a/optional/clamav/README.md +++ /dev/null @@ -1,12 +0,0 @@ -Mailu ClamAV container -====================== - -ClamAV is an open source antivirus engine for detecting trojans, viruses, -malware & other malicious threats. - -Resources ---------- - - * [Report issues](https://github.com/Mailu/Mailu/issues) and - [send Pull Requests](https://github.com/Mailu/Mailu/pulls) - in the [main Mailu repository](https://github.com/Mailu/Mailu) \ No newline at end of file diff --git a/optional/clamav/conf/clamd.conf b/optional/clamav/conf/clamd.conf deleted file mode 100644 index 061d7f6a..00000000 --- a/optional/clamav/conf/clamd.conf +++ /dev/null @@ -1,56 +0,0 @@ -############### -# General -############### - -DatabaseDirectory /data -TemporaryDirectory /tmp -LogTime yes -PidFile /run/clamd.pid -LocalSocket /tmp/clamd.sock -TCPSocket 3310 -Foreground yes - -############### -# Results -############### - -DetectPUA yes -ExcludePUA NetTool -ExcludePUA PWTool -HeuristicAlerts yes -Bytecode yes - -############### -# Scan -############### - -ScanPE yes -DisableCertCheck yes -ScanELF yes -AlertBrokenExecutables yes -ScanOLE2 yes -ScanPDF yes -ScanSWF yes -ScanMail yes -PhishingSignatures yes -PhishingScanURLs yes -ScanHTML yes -ScanArchive yes - -############### -# Scan -############### - -MaxScanSize 150M -MaxFileSize 30M -MaxRecursion 10 -MaxFiles 15000 -MaxEmbeddedPE 10M -MaxHTMLNormalize 10M -MaxHTMLNoTags 2M -MaxScriptNormalize 5M -MaxZipTypeRcg 1M -MaxPartitions 128 -MaxIconsPE 200 -PCREMatchLimit 10000 -PCRERecMatchLimit 10000 diff --git a/optional/clamav/conf/freshclam.conf b/optional/clamav/conf/freshclam.conf deleted file mode 100644 index 828163a0..00000000 --- a/optional/clamav/conf/freshclam.conf +++ /dev/null @@ -1,18 +0,0 @@ -############### -# General -############### - -DatabaseDirectory /data -UpdateLogFile /dev/stdout -LogTime yes -PidFile /run/freshclam.pid -DatabaseOwner root - -############### -# Updates -############### - -DatabaseMirror database.clamav.net -ScriptedUpdates yes -NotifyClamd /etc/clamav/clamd.conf -Bytecode yes diff --git a/optional/clamav/start.py b/optional/clamav/start.py deleted file mode 100755 index 684d9edd..00000000 --- a/optional/clamav/start.py +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env python3 - -import os -import logging as logger -import sys -from socrate import system - -system.set_env(log_filters=r'SelfCheck: Database status OK\.$') - -# Bootstrap the database if clamav is running for the first time -if not os.path.isfile("/data/main.cvd"): - logger.info("Starting primary virus DB download") - os.system("freshclam") - -# Run the update daemon -logger.info("Starting the update daemon") -os.system("freshclam -d -c 6") - -# Run clamav -logger.info("Starting clamav") -os.system("clamd") diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index a81f9f44..c06d15c0 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -139,7 +139,7 @@ services: hostname: oletools restart: always networks: - - noinet + - oletools depends_on: {% if resolver_enabled %} - resolver @@ -172,10 +172,13 @@ services: driver: journald options: tag: mailu-antispam -{% if oletools_enabled %} networks: - default - - noinet +{% if oletools_enabled %} + - oletools +{% endif %} +{% if antivirus_enabled %} + - clamav {% endif %} volumes: - "{{ root }}/filter:/var/lib/rspamd" @@ -198,17 +201,16 @@ services: # Optional services {% if antivirus_enabled %} antivirus: - image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}} + image: clamav/clamav-debian:1.2.0-6 restart: always - env_file: {{ env }} + logging: + driver: journald + options: + tag: mailu-clamav + networks: + - clamav volumes: - - "{{ root }}/filter:/data" - {% if resolver_enabled %} - depends_on: - - resolver - dns: - - {{ dns }} - {% endif %} + - "{{ root }}/filter/clamav:/var/lib/clamav" {% endif %} {% if webdav_enabled %} @@ -275,8 +277,12 @@ networks: webmail: driver: bridge {% endif %} +{% if antivirus_enabled %} + clamav: + driver: bridge +{% endif %} {% if oletools_enabled %} - noinet: + oletools: driver: bridge internal: true {% endif %} diff --git a/tests/build-ci.hcl b/tests/build-ci.hcl index a78488f8..ad7f4bf7 100644 --- a/tests/build-ci.hcl +++ b/tests/build-ci.hcl @@ -49,7 +49,6 @@ group "default" { "webmail", - "antivirus", "fetchmail", "resolver", "traefik-certdumper", @@ -207,15 +206,6 @@ target "webmail" { # ----------------------------------------------------------------------------------------- # Optional images # ----------------------------------------------------------------------------------------- -target "antivirus" { - inherits = ["defaults"] - context = "optional/clamav/" - contexts = { - base = "docker-image://${DOCKER_ORG}/base:${MAILU_VERSION}" - } - tags = tag("clamav") -} - target "fetchmail" { inherits = ["defaults"] context = "optional/fetchmail/" diff --git a/tests/build.hcl b/tests/build.hcl index e7c8387a..c5a9d10b 100644 --- a/tests/build.hcl +++ b/tests/build.hcl @@ -45,7 +45,6 @@ group "default" { "webmail", - "antivirus", "fetchmail", "resolver", "traefik-certdumper", @@ -201,15 +200,6 @@ target "webmail" { # ----------------------------------------------------------------------------------------- # Optional images # ----------------------------------------------------------------------------------------- -target "antivirus" { - inherits = ["defaults"] - context = "optional/clamav/" - contexts = { - base = "target:base" - } - tags = tag("clamav") -} - target "fetchmail" { inherits = ["defaults"] context = "optional/fetchmail/" diff --git a/tests/compose/filters/docker-compose.yml b/tests/compose/filters/docker-compose.yml index 3eb2d84c..329c0282 100644 --- a/tests/compose/filters/docker-compose.yml +++ b/tests/compose/filters/docker-compose.yml @@ -70,7 +70,7 @@ services: hostname: oletools restart: always networks: - - noinet + - oletools antispam: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-local} @@ -78,7 +78,8 @@ services: env_file: mailu.env networks: - default - - noinet + - oletools + - clamav volumes: - "/mailu/filter:/var/lib/rspamd" - "/mailu/dkim:/dkim" @@ -88,11 +89,16 @@ services: # Optional services antivirus: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-local} + image: clamav/clamav-debian:1.2.0-6 restart: always - env_file: mailu.env + logging: + driver: journald + options: + tag: mailu-clamav + networks: + - clamav volumes: - - "/mailu/filter:/data" + - "/mailu/filter/clamav:/var/lib/clamav" resolver: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-local} @@ -112,6 +118,8 @@ networks: driver: default config: - subnet: 192.168.203.0/24 - noinet: + clamav: + driver: bridge + oletools: driver: bridge internal: true diff --git a/towncrier/newsfragments/2059.misc b/towncrier/newsfragments/2059.misc new file mode 100644 index 00000000..b6797b81 --- /dev/null +++ b/towncrier/newsfragments/2059.misc @@ -0,0 +1 @@ +Switch to upstream's clamav image